A Method for Recommending Computer-Security Training for Software Developers: Leveraging the Power of Static Analysis Techniques and Vulnerability Repositories [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

A Study on the Secure Software Development Life Cycle for Common Criteria (CC) Certification [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

An Information Flow-Based Taxonomy to Understand the Nature of Software Vulnerabilities [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID]

ASVC: An Automatic Security Vulnerability Categorization Framework Based on Novel Features of Vulnerability Data [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

ASVC: An Automatic Security Vulnerability Categorization Framework Based on Novel Features of Vulnerability Data [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

CrossTalk - Static Analysis is Not Enough: The Role of Architecture and Design in Software Assurance [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Standard Identifier: Uses CWE IDs as a standard Identifier system]

HACKAR: Helpful Advice for Code Knowledge and Attack Resilience [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

Identifying performance assurance challenges for smart manufacturing [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

Non-Malicious Taint: Bad Hygiene is as Dangerous to the Mission as Malicious Intent [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

On the capability of static code analysis to detect security vulnerabilities [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

Ontology-based modeling of DDoS attacks for attack plan detection [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

SecuWear: An open source, multi-component hardware/software platform for exploring wearable security [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

The Prediction of Code Clone Quality Based on Bayesian Network [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

The weak point: A framework to enhance operational mission data systems security [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

What Does OWASP Top 10 Coverage Mean to You…and Do You Have It? [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

What Every Engineer Should Know About Cyber Security and Digital Forensics [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CWE IDs as a standard Identifier system; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid]

SwA-CM-in-PPP [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CWE IDs as a standard Identifier system; Uses Specific CWE Info: Makes use of specific information from CWE]

Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid]

Categorizing Code Complexities in Support of Analysis [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Specific CWE IDs Used: Discusses specific CWE issues by their CWE ID; Uses Specific CWE Info: Makes use of specific information from CWE]

Ontology-based modeling of DDoS attacks for attack plan detection [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid; Uses Specific CWE Info: Makes use of specific information from CWE]

Academia

Evaluating a Method to Develop and Rank Abuse Cases based on Threat Modeling, Attack Patterns and Common Weakness Enumeration [Knowledge Source: Uses CWE as a Knowledge Catalog of Issues to Avoid]

Imano Williams. "Evaluating a Method to Develop and Rank Abuse Cases based on Threat Modeling, Attack Patterns and Common Weakness Enumeration". Master of Science Thesis. North Carolina Agricultural and Technical State University. 2015. <http://search.proquest.com/docview/1761832676>.